
Proceedings of ISP RAS, 2024 Volume 36, Issue 4, Pages 17–26 (Mi tisp905)

Detecting errors in the Pandas software module using the Svace static code analyzer

M. A. Lapina, M. I. Khodakov, S. K. Grobova

North-Caucasus Federal University

Abstract: The article addresses the pressing problem of software security at the early stages of development. Special attention is paid to static code analysis, a key tool for detecting vulnerabilities early in the software development life cycle. The article emphasizes the importance of integrating static analysis tools into the development process so that vulnerabilities are detected and eliminated early. The error-detection methods used by static analyzers are considered, as are the main components of the Svace static analyzer developed at the Institute for System Programming of the Russian Academy of Sciences. A classification of the analyses used in the Svace static analyzer is presented. Static analysis of source code in the Python programming language is considered in detail. As a practical example, the analysis of the Pandas 2.2.1 project performed with Svace is given. The result was the detection of 241 vulnerabilities in 590709 lines of code, which corresponds to a high density of warnings per million lines of code and confirms the effectiveness of static analysis in ensuring software security.

Keywords: static code analysis; static analyzer; lexical analyzers; lightweight analyzers; abstract syntax tree; code fragment.

DOI: 10.15514/ISPRAS-2024-36(4)-2



© Steklov Math. Inst. of RAS, 2026